Ryland Posted February 24, 2019 Share Posted February 24, 2019 (edited) I had the message about a possible hack attempt on the Feb 20th and when I looked in the syslog I found that they were coming from the ip address of my wife's laptop. I then scanned her laptop with both Avast AV and Malwarebytes, both of which came up clean. The login attempts were against both a telnet session attempting to use username UNKNOWN and proftpd using both "admin" and "Admin". Has anybody seen this combo of attempts to point me in the right direction on her laptop? Nuking it from orbit is the last thing I want to do. Thanks all! Edit: I am putting this at the top so that people dont have to scroll down. The culprit ended up being Avast Antivirus which I had scan my wife's laptop. One of its scans found my server and did a security check on it, which caused the login attempts. Edited February 28, 2019 by Ryland Add in what was found Quote Link to comment
Frank1940 Posted February 24, 2019 Share Posted February 24, 2019 It has been several years since I been involved in dealing with a problem like this. But back then, there were several antivirus/malware which ran from self-booting media. These permitted the antivirus to do its work without the problem of the malware blocking the scanning process. You should probably google for these products (they are usually free). You can also google for the problem you have with this WIN10 computer and see if the larger world has seen this type of attack... Quote Link to comment
Ryland Posted February 24, 2019 Author Share Posted February 24, 2019 I did what you suggested and found that Avast, in their infinite wisdom, attempts to hack into network devices when running a home network scan. That probably generated those login attempts because Im 99% sure that Wednesday was when I was updating my wife's laptop and running scans on it. 1 Quote Link to comment
Squid Posted February 24, 2019 Share Posted February 24, 2019 47 minutes ago, Ryland said: in their infinite wisdom, attempts to hack into network devices when running a home network scan. That's actually not a bad thing - checking for default logins and passwords that have never been changed. 1 Quote Link to comment
Ryland Posted February 24, 2019 Author Share Posted February 24, 2019 12 minutes ago, Squid said: That's actually not a bad thing - checking for default logins and passwords that have never been changed. Not informing you that they are going to do it is the bad thing. I also havent found a way to turn that off either. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.